diff --git a/.env b/.env index de6e17dde..34a7b2ae5 100644 --- a/.env +++ b/.env @@ -3,6 +3,7 @@ ZABBIX_ALPINE_IMAGE_TAG=alpine-6.4 ZABBIX_CENTOS_IMAGE_TAG=centos-6.4 ZABBIX_OL_IMAGE_TAG=ol-6.4 ZABBIX_UBUNTU_IMAGE_TAG=ubuntu-6.4 +ZABBIX_RHEL_IMAGE_TAG=rhel-6.4 ZABBIX_IMAGE_TAG_POSTFIX=-latest ZABBIX_LOCAL_IMAGE_TAG_POSTFIX=-local @@ -65,6 +66,7 @@ ALPINE_CACHE_FROM=alpine:3.19 CENTOS_CACHE_FROM=quay.io/centos/centos:stream9 OL_CACHE_FROM=oraclelinux:9-slim UBUNTU_CACHE_FROM=ubuntu:jammy +RHEL_CACHE_FROM=registry.access.redhat.com/ubi9/ubi-minimal:9.3 # Base images BUILD_BASE_IMAGE=zabbix-build-base @@ -84,3 +86,6 @@ OL_OS_TAG_SHORT=ol UBUNTU_OS_TAG=Ubuntu UBUNTU_OS_TAG_SHORT=ubuntu + +RHEL_OS_TAG=Red Hat +RHEL_OS_TAG_SHORT=rhel diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index ff816205a..9430cdbb8 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -378,6 +378,8 @@ jobs: file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} push: true + provenance: mode=max + sbom: true tags: ${{ steps.meta.outputs.tags }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} @@ -628,6 +630,8 @@ jobs: file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} push: true + provenance: mode=max + sbom: true tags: ${{ steps.meta.outputs.tags }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | 
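Review bot: `RHEL_OS_TAG=Red Hat` in the last .env hunk is the only value shown here that contains an unquoted space. Compose-style .env parsers read it as written, but a script that sources this file in a shell would assign `Red` and then try to run `Hat` as a command. If the file is ever sourced, quote it as `RHEL_OS_TAG="Red Hat"`; otherwise a one-line comment saying the file is not meant to be sourced would be enough.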
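Review bot: With `provenance: mode=max` on the two pushing build steps (the hunks at -378 and -628), the attestation published next to the image records the full build definition, including build-arg values. The only build-arg visible here is `BUILD_BASE_IMAGE`, which is harmless, but nothing documents that constraint for later edits. I would add a comment above the new lines, e.g. `# provenance mode=max publishes build-arg values with the image; keep credentials out of build-args`. Both steps continue past the end of their hunks, so any signing or verification of the attestations is not visible from here.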
@@ -978,6 +982,8 @@ jobs: file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} push: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + provenance: mode=max + sbom: ${{ env.AUTO_PUSH_IMAGES == 'true' }} tags: ${{ steps.meta.outputs.tags }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | diff --git a/.gitignore b/.gitignore index 03f34fddd..b2f027583 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ zbx_env*/ .*CERT_FILE .*KEY_FILE .*CA_FILE +Dockerfiles/*/rhel/secrets/* diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index 53ffd4218..8a0e8d0d3 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile @@ -36,7 +36,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ tini \ - tzdata \ iputils \ pcre2 \ libcurl \ diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index a9bcb356d..bfef1486e 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -54,7 +54,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ tini \ - tzdata \ iputils \ shadow-utils \ pcre2 \ @@ -64,6 +63,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \ rm -rf /tmp/epel-release-latest-9.noarch.rpm && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "epel" \ 
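Review bot: In the hunk at -978 `provenance: mode=max` is unconditional, while `push` and `sbom` on the neighbouring lines depend on `AUTO_PUSH_IMAGES`. When the image is not pushed there is no registry manifest to attach the provenance to, so the two attestations should be gated the same way, or the difference explained in a comment. One option is `provenance: ${{ env.AUTO_PUSH_IMAGES == 'true' && 'mode=max' || 'false' }}`. The step continues past the end of the hunk, so an `outputs` or `load` setting that changes this picture is not visible here.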
@@ -72,7 +72,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 --best \
 --setopt=tsflags=nodocs \
 ${INSTALL_PKGS} && \
+ microdnf -y update \
+ --disableplugin=subscription-manager \
+ --disablerepo "*" \
+ --enablerepo "ubi-9-baseos-rpms" \
+ --setopt=install_weak_deps=0 \
+ --best \
+ --setopt=tsflags=nodocs \
+ tzdata && \
 microdnf -y reinstall \
+ --disableplugin=subscription-manager \
+ --disablerepo "*" \
 --enablerepo "ubi-9-baseos-rpms" \
 --setopt=install_weak_deps=0 \
 --setopt=keepcache=0 \
diff --git a/Dockerfiles/agent2/ol/Dockerfile b/Dockerfiles/agent2/ol/Dockerfile
index 1070a421d..5bbb9a7fa 100644
--- a/Dockerfiles/agent2/ol/Dockerfile
+++ b/Dockerfiles/agent2/ol/Dockerfile
@@ -41,7 +41,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 set -eux && \
 INSTALL_PKGS="bash \
 tini \
- tzdata \
 iputils \
 pcre2 \
 libcurl \
diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile
index 603920f69..80c42bc34 100644
--- a/Dockerfiles/agent2/rhel/Dockerfile
+++ b/Dockerfiles/agent2/rhel/Dockerfile
@@ -59,7 +59,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 set -eux && \
 INSTALL_PKGS="bash \
 tini \
- tzdata \
 iputils \
 shadow-utils \
 pcre2 \
@@ -70,6 +69,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
 rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
 microdnf -y install \
+ --disableplugin=subscription-manager \
 --disablerepo "*" \
 --enablerepo "ubi-9-baseos-rpms" \
 --enablerepo "epel" \
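Review bot: The added `microdnf -y update ... tzdata` in the agent/rhel hunk at -72 is immediately followed by `microdnf -y reinstall ... tzdata` against the same repo, and nothing says why both are needed. Presumably the base image ships tzdata with its zone files stripped, so the update moves the package forward and the reinstall restores the files; that belongs in a comment above the pair, e.g. `# base image strips zoneinfo: update tzdata, then reinstall to restore the files` (wording to be confirmed by the author). In this hunk the update call also omits `--setopt=keepcache=0`, which the reinstall passes. The same pair is added in the agent2, proxy-mysql, proxy-sqlite3, server-mysql, snmptraps and web-nginx-mysql rhel Dockerfiles, and the RUN instruction starts and ends outside the hunk.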
@@ -78,7 +78,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/build-base/rhel/Dockerfile b/Dockerfiles/build-base/rhel/Dockerfile index 057f6cb52..0e700b632 100644 --- a/Dockerfiles/build-base/rhel/Dockerfile +++ b/Dockerfiles/build-base/rhel/Dockerfile @@ -30,6 +30,7 @@ LABEL description="Prepared environment to build Zabbix components" \ COPY ["licenses", "/licenses"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="autoconf \ automake \ diff --git a/Dockerfiles/java-gateway/rhel/Dockerfile b/Dockerfiles/java-gateway/rhel/Dockerfile index 9ff2f28c6..961feaa04 100644 --- a/Dockerfiles/java-gateway/rhel/Dockerfile +++ b/Dockerfiles/java-gateway/rhel/Dockerfile @@ -55,6 +55,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ shadow-utils \ java-17-openjdk-headless" && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 6763702f0..2a2f12c66 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile 
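Review bot: `--mount=type=bind,target=/run/secrets/,src=secrets/` in the build-base/rhel hunk takes whatever sits under `secrets/` in the build context, so those files (presumably subscription entitlement material, given the new .gitignore rule) travel to the builder with the context and are reachable by any later `COPY` from it. BuildKit's `--mount=type=secret` is the mechanism meant for this and keeps such files out of the context. If the bind mount stays, the directory should be excluded from every `COPY` source, and because git ignores its contents the build will likely fail on a clean checkout unless something creates `secrets/` first; a comment naming who populates it would help. The same mount is added in the proxy-mysql, proxy-sqlite3, server-mysql, web-nginx-mysql and web-service rhel Dockerfiles.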
@@ -54,6 +54,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ tini \ @@ -91,7 +92,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --best \ diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index cffd08ecb..e6d9edf82 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -53,6 +53,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ tini \ @@ -87,7 +88,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ 
diff --git a/Dockerfiles/server-mysql/ol/Dockerfile b/Dockerfiles/server-mysql/ol/Dockerfile index 54728afe4..189080b18 100644 --- a/Dockerfiles/server-mysql/ol/Dockerfile +++ b/Dockerfiles/server-mysql/ol/Dockerfile @@ -43,7 +43,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ traceroute \ nmap \ file-libs \ - tzdata \ iputils \ traceroute \ libevent \ diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index d92bf488f..c130f7b0e 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile @@ -54,6 +54,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ tini \ @@ -61,7 +62,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ nmap \ fping \ shadow-utils \ - tzdata \ iputils \ hostname \ libssh \ @@ -95,7 +95,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 76ae60242..b2c993962 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -46,7 +46,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ traceroute \ nmap \ iputils \ - tzdata \ traceroute \ libevent \ libssh \ 
diff --git a/Dockerfiles/snmptraps/ol/Dockerfile b/Dockerfiles/snmptraps/ol/Dockerfile
index 80e1a7c0e..e7b60f3ed 100644
--- a/Dockerfiles/snmptraps/ol/Dockerfile
+++ b/Dockerfiles/snmptraps/ol/Dockerfile
@@ -24,7 +24,6 @@ STOPSIGNAL SIGTERM
 RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 set -eux && \
 INSTALL_PKGS="bash \
- tzdata \
 net-snmp" && \
 microdnf -y install \
 --disablerepo="*" \
diff --git a/Dockerfiles/snmptraps/rhel/Dockerfile b/Dockerfiles/snmptraps/rhel/Dockerfile
index d5175a45a..98cc13549 100644
--- a/Dockerfiles/snmptraps/rhel/Dockerfile
+++ b/Dockerfiles/snmptraps/rhel/Dockerfile
@@ -46,9 +46,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 set -eux && \
 INSTALL_PKGS="bash \
 shadow-utils \
- tzdata \
 net-snmp" && \
 microdnf -y install \
+ --disableplugin=subscription-manager \
 --disablerepo="*" \
 --enablerepo "ubi-9-baseos-rpms" \
 --enablerepo "ubi-9-appstream-rpms" \
@@ -57,6 +57,23 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 --best \
 --setopt=tsflags=nodocs \
 ${INSTALL_PKGS} && \
+ microdnf -y update \
+ --disableplugin=subscription-manager \
+ --disablerepo "*" \
+ --enablerepo "ubi-9-baseos-rpms" \
+ --setopt=install_weak_deps=0 \
+ --best \
+ --setopt=tsflags=nodocs \
+ tzdata && \
+ microdnf -y reinstall \
+ --disableplugin=subscription-manager \
+ --disablerepo "*" \
+ --enablerepo "ubi-9-baseos-rpms" \
+ --setopt=install_weak_deps=0 \
+ --setopt=keepcache=0 \
+ --best \
+ --setopt=tsflags=nodocs \
+ tzdata && \
 groupadd \
 --system \
 --gid 1995 \
diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
index 5030f1ea6..290f92973 100644
--- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
@@ -49,9 +49,9 @@ COPY ["conf/etc/", "/etc/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ - tzdata \ curl-minimal \ supervisor \ shadow-utils \ @@ -83,12 +83,22 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ - microdnf -y reinstall \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --best \ --setopt=tsflags=nodocs \ + tzdata && \ + microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ + --best \ + --setopt=tsflags=nodocs \ tzdata && \ groupadd \ --system \ diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index 8762c0c46..051de40bf 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -50,6 +50,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ shadow-utils \ @@ -62,7 +63,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ - --enablerepo "rhel-9-for-$ARCH_SUFFIX-baseos-rpms" \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ 
@@ -71,6 +71,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
 --setopt=tsflags=nodocs \
 ${INSTALL_PKGS} && \
 microdnf -y install \
+ --disableplugin=subscription-manager \
 --disablerepo "*" \
 --enablerepo "ubi-9-baseos-rpms" \
 --enablerepo "ubi-9-appstream-rpms" \